NDG does not discover network ports

Article ID: 128551

Products

CENDURA

Issue/Introduction

When running a Network Discovery Gateway (NDG) scan on Linux or Unix machines, the network ports are not discovered.

Cause

When NDG runs netstat -atupn, the output contains additional, unexpected text that cannot be parsed, and the remainder of the data is not captured. To confirm, run the NDG scan with detail logging enabled on the profile; the CCA UI Log tab will show the data. Running netstat -atupn on the target machine also shows output similar to:
Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.
This is not standard output from the netstat command, so NDG is unable to parse the expected netstat return data.

Environment

Release:
Component: CAACM

Resolution

There are two options for resolving this issue:
  1. Run the scans as root or a root-like user
  2. Set the netstat permission: chmod u+s /usr/bin/netstat or chmod u+s /bin/netstat
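
To confirm the cause on a target and to check the result after applying either option, the following added example (not NDG's parser and not code from this article; the function names are hypothetical and the sample output is constructed) counts the lines in netstat -atupn output that fall outside the socket table and the sockets whose owning process is hidden:

```shell
#!/bin/sh
# Added example (function names are hypothetical; this is not NDG's parser).

# Constructed sample of `netstat -atupn 2>&1` run as a non-root account.
sample_output() {
cat <<'EOF'
Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN   -
tcp        0      0 127.0.0.1:8080   0.0.0.0:*        LISTEN   4321/java
udp        0      0 0.0.0.0:68       0.0.0.0:*                 -
EOF
}

# Read netstat output on stdin and print: extra=<n> sockets=<n> unowned=<n>
check_netstat_output() {
    awk '
        /^Active Internet connections/ { next }   # table banner
        /^Proto[ \t]/                  { next }   # column header
        /^(tcp|udp)6?[ \t]/ {                     # socket row
            sockets++
            if ($NF == "-") unowned++             # owner hidden from this user
            next
        }
        NF > 0 { extra++ }                        # text outside the table
        END { printf "extra=%d sockets=%d unowned=%d\n", extra, sockets, unowned }
    '
}

# Succeeds if the given binary carries the setuid bit (option 2 applied).
netstat_is_setuid() { [ -u "$1" ]; }

sample_output | check_netstat_output    # extra=1 sockets=3 unowned=2
# On a target, as the scan account:
#   netstat -atupn 2>&1 | check_netstat_output
#   netstat_is_setuid /usr/bin/netstat && echo "setuid set"
```

A non-zero extra count for the scan account means the additional text is still present in the output NDG receives.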

Additional Information

Discuss the options with your Security Team before making any permission changes to executables.